which does work fine: it finds or creates a user, finds or creates their social account record in the DB, auths them with JWT, gets a token and returns it.

But at this point in my flow I'm stuck in my API. The user should be redirected back into the SPA app. I could do something which I don't like the sound of: instead of returning the response in the callback, doing something like

return redirect()->to('/some-spa-route')

But I don't think the API should be aware of the SPA; it should be two independent codebases.

Has anyone any ideas of how to successfully implement OAuth with JWT like this? I'm thinking maybe the callback URL needs to be set to my SPA, which then sends it to my API and exchanges it for a JWT token. But I'm not sure with this flow how to make the API aware of the token issued initially from the provider? Can I take the initial token issued, send it to the API, which refreshes it at the third-party provider, sends it back to the API, which in turn exchanges it for a JWT?
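
The flow floated at the end of the question (the provider's callback lands on the SPA, which then posts what it received to the API), as an added example that is not part of the original post. It assumes the authorization-code grant, so the SPA forwards a one-time code rather than a provider token; `exchangeCodeForJwt`, `$fetchProfile` and `$findOrCreateUser` are hypothetical names, and the provider call is a constructed stand-in so the block runs offline.

```php
<?php
// Added example. The API only exposes a JSON endpoint: it never redirects and
// knows nothing about SPA routes. All function and variable names are hypothetical.

function base64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Sign a compact HS256 JWT for the API's own sessions (PHP built-ins only).
function issueJwt(array $claims, string $secret): string
{
    $header  = base64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = base64url(json_encode($claims));
    $sig     = base64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// $fetchProfile(string $code): array   redeems the code at the provider with the
//   client secret (server side only) and returns the profile; throws if rejected.
// $findOrCreateUser(array $profile): int   returns the local user id.
function exchangeCodeForJwt(string $code, callable $fetchProfile,
                            callable $findOrCreateUser, string $secret, int $now): array
{
    if ($code === '') {
        return ['status' => 422, 'body' => ['error' => 'missing_code']];
    }
    try {
        $profile = $fetchProfile($code);   // the provider token never reaches the SPA
    } catch (RuntimeException $e) {
        return ['status' => 401, 'body' => ['error' => 'provider_rejected_code']];
    }
    $userId = $findOrCreateUser($profile);
    $claims = ['sub' => (string) $userId, 'iat' => $now, 'exp' => $now + 3600];
    return ['status' => 200, 'body' => ['token' => issueJwt($claims, $secret)]];
}

// Constructed stand-ins for the provider and the user store.
$fakeProvider = function (string $code): array {
    if ($code !== 'constructed-code-123') {
        throw new RuntimeException('invalid_grant');
    }
    return ['id' => 'provider-user-42', 'email' => 'user@example.test'];
};
$fakeUsers = fn (array $profile): int => 7;

print_r(exchangeCodeForJwt('constructed-code-123', $fakeProvider, $fakeUsers, 'constructed-secret', time()));
print_r(exchangeCodeForJwt('bogus-code', $fakeProvider, $fakeUsers, 'constructed-secret', time()));
```

The SPA would POST the `code` query parameter from its callback route to this handler and store the returned JWT; the `state` value it generated before the redirect should be checked in the SPA before the code is forwarded.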